techPowerUp! Forums

Old Jul 25, 2012, 12:18 AM   #1
Killer_Rubber_Ducky

PCI compliance

I was working at a call center and we had to be PCI compliant. I understand the importance of PCI compliance but am curious about some of the policies put in place.
Almost every day there are times of blue (when there are no calls) and we are not allowed to talk to coworkers as they may be on the phone. (makes sense)

One of the "PCI compliance" policies in effect was the banning of reading material of any form from the call floor. I mean LOTR, PC World, etc. What does that have to do with PCI compliance? How is preventing us from reading a chapter or 2 when we have blue, since we are banned from surfing the web, securing data? Electronic devices were banned of course, so no Nook or Kindles. (given)
Old Jul 25, 2012, 12:33 AM   #2
Kreij

It's not "in-scope" with PCI requirements, however ...
Quote:
Do we need a 'clean room?'

From a PCI compliance perspective, the answer is ‘no’, although there are a number of PCI requirements that would lead you to restrict what is in the actual call center. However, best practice is to operate any call center handling potentially sensitive data in a ‘sterile’ environment.

That means clean desks, no personal items at the workstation, no paper and pens for writing things down, locked down workstations and other restrictions so that sensitive information is not leaked from the call center.
The idea for creating a sterile environment by banning cell phones and giving personnel lockers to secure their personal items is in line with what we see in call centers. In addition, I think most call center organizations find that their clients require such approaches to ensure that their customers’ privacy and security is maintained.

In addition to all of the physical security, call center personnel need to be trained regarding security and privacy. Call center personnel need to sign an agreement that says they acknowledge that they will be in contact with cardholder data and that the cardholder data is to be protected in compliance with the PCI DSS and other regulatory and legal requirements.

If your employer wants a "sterile" environment, that is up to them, and you have to put up with it if you want to work there.
Old Jul 25, 2012, 01:56 AM   #3
Killer_Rubber_Ducky

Quote:
Originally Posted by Kreij
It's not "in-scope" with PCI requirements, however ...

If your employer wants a "sterile" environment, that is up to them, and you have to put up with it if you want to work there.

Thanks. It just seemed odd that a week before the audit they banned personal items. I no longer work for them but it seemed odd.
Old Jul 25, 2012, 04:16 AM   #4
remixedcat

Please respect those guidelines. I work with a hosting company that's PCI-Compliant as well called inetu that has a very secure datacenter.